Patent attributes
A method for partitioning containers includes instantiating a selected container under a host OS; opening a file system of the selected container for modification; inside the file system of the selected container, creating an image file of an Application Container; mounting a virtual disk that corresponds to the image file; mounting the Application Container file system inside the image file; defining boundaries of the Application Container; placing Application Container files inside the Application Container file system; and creating an interface between the selected container and the Application Container for exchanging data. The processes of the Application Container connect to processes of the selected container as if they were native host OS processes. The Application Container can only request data from the host OS through the interface of the selected container. The image file is protected from modification by the selected container. The processes of the Application Container are launched inside the boundaries.